
Azure Load Balancer Standard overview

07/20/2018

Azure Load Balancer allows you to scale your applications and create high availability for your services. Load Balancer can be used for inbound as well as outbound scenarios and provides low latency, high throughput, and scales up to millions of flows for all TCP and UDP applications.

What is Standard Load Balancer?

Standard Load Balancer is a new Load Balancer product for all TCP and UDP applications with an expanded and more granular feature set over Basic Load Balancer. While there are many similarities, it is important to familiarize yourself with the differences as outlined in this article.

You can use Standard Load Balancer as a public or internal Load Balancer. A virtual machine can be connected to one public and one internal Load Balancer resource.

The Load Balancer resource's functions are always expressed as a frontend, a rule, a health probe, and a backend pool definition. A resource can contain multiple rules. You can place virtual machines into the backend pool by specifying the backend pool from the virtual machine's NIC resource. This parameter is passed through the network profile and expanded when using virtual machine scale sets.

One key aspect is the scope of the virtual network for the resource. While Basic Load Balancer exists within the scope of an availability set, a Standard Load Balancer is fully integrated with the scope of a virtual network and all virtual network concepts apply.

Load Balancer resources are objects within which you can express how Azure should program its multi-tenant infrastructure to achieve the scenario you wish to create. There is no direct relationship between Load Balancer resources and actual infrastructure; creating a Load Balancer doesn't create an instance, capacity is always available, and there are no start-up or scaling delays to consider.

Why use Standard Load Balancer?

Standard Load Balancer enables you to scale your applications and create high availability for small scale deployments to large and complex multi-zone architectures.

Review the table below for an overview of the differences between Standard Load Balancer and Basic Load Balancer:

Multiple frontends with per load balancing rule opt-out. An outbound scenario must be explicitly created for the virtual machine to be able to use outbound connectivity. Virtual Network Service Endpoints can be reached without outbound connectivity and do not count towards data processed. Any public IP addresses, including Azure PaaS services not available as VNet Service Endpoints, must be reached via outbound connectivity and count towards data processed. When only an internal Load Balancer is serving a virtual machine, outbound connections via default SNAT are not available. Outbound SNAT programming is transport protocol specific based on protocol of the inbound load balancing rule.

Backend pool

Standard Load Balancer backend pools expand to any virtual machine resource in a virtual network. A pool can contain up to 1000 backend instances. A backend instance is an IP configuration, which is a property of a NIC resource.

The backend pool can contain standalone virtual machines, availability sets, or virtual machine scale sets. You can also blend resources in the backend pool. You can combine up to 150 resources in the backend pool per Load Balancer resource.

When considering how to design your backend pool, you can design for the least number of individual backend pool resources to further optimize the duration of management operations. There is no difference in data plane performance or scale.

Availability Zones

Standard Load Balancer supports additional abilities in regions where Availability Zones are available. These features are incremental to all Standard Load Balancer provides. Availability Zones configurations are available for public and internal Standard Load Balancer.

Non-zonal frontends become zone-redundant by default when deployed in a region with Availability Zones. A zone-redundant frontend survives zone failure and is served by dedicated infrastructure in all of the zones simultaneously.

Additionally, you can guarantee a frontend to a specific zone. A zonal frontend shares fate with the respective zone and is served only by dedicated infrastructure in a single zone.

Cross-zone load balancing is available for the backend pool, and any virtual machine resource in a VNet can be part of a backend pool.

Diagnostics

Standard Load Balancer provides multi-dimensional metrics through Azure Monitor. These metrics can be filtered, grouped, and broken out for a given dimension. They provide current and historic insights into performance and health of your service. Resource Health is also supported. Following is a brief overview of supported diagnostics:

Metric

Description

VIP availability

Load Balancer Standard continuously exercises the data path from within a region to the Load Balancer front-end all the way to the SDN stack that supports your VM. As long as healthy instances remain, the measurement follows the same path as your application's load-balanced traffic. The data path that is used by your customers is also validated. The measurement is invisible to your application and does not interfere with other operations.

DIP availability

Load Balancer Standard uses a distributed health probing service that monitors your application endpoint's health according to your configuration settings. This metric provides an aggregate or per endpoint filtered-view of each individual instance endpoint in the Load Balancer pool. You can see how Load Balancer views the health of your application as indicated by your health probe configuration.

SYN packets

Load Balancer Standard does not terminate TCP connections or interact with TCP or UDP packet flows. Flows and their handshakes are always between the source and the VM instance. To better troubleshoot your TCP protocol scenarios, you can make use of SYN packets counters to understand how many TCP connection attempts are made. The metric reports the number of TCP SYN packets that were received.

SNAT connections

Load Balancer Standard reports the number of outbound flows that are masqueraded to the Public IP address front-end. SNAT ports are an exhaustible resource. This metric can give an indication of how heavily your application is relying on SNAT for outbound originated flows. Counters for successful and failed outbound SNAT flows are reported and can be used to troubleshoot and understand the health of your outbound flows.

HA Ports

Standard Load Balancer supports a new type of rule.

You can configure load balancing rules to make your application scale and be highly reliable. When you use an HA Ports load balancing rule, Standard Load Balancer will provide per flow load balancing on every ephemeral port of an internal Standard Load Balancer's frontend IP address. The feature is useful for other scenarios where it is impractical or undesirable to specify individual ports.

An HA Ports load balancing rule allows you to create active-passive or active-active n+1 scenarios for Network Virtual Appliances and any application that requires large ranges of inbound ports. A health probe can be used to determine which backends should be receiving new flows. You can use a Network Security Group to emulate a port range scenario.

Important

If you are planning to use a Network Virtual Appliance, check with your vendor for guidance on whether their product has been tested with HA Ports and follow their specific guidance for implementation.

Secure by default

Standard Load Balancer is fully onboarded to the virtual network. The virtual network is a private, closed network. Because Standard Load Balancers and Standard public IP addresses are designed to allow this virtual network to be accessed from outside of the virtual network, these resources now default to closed unless you open them. This means Network Security Groups (NSGs) are now used to explicitly permit and whitelist allowed traffic. You can create your entire virtual data center and decide through NSG what and when it should be available. If you do not have an NSG on a subnet or NIC of your virtual machine resource, traffic is not allowed to reach this resource.

These are the key tenets to remember when working with Standard Load Balancer:

The completion of a rule drives the Load Balancer resource. All programming of Azure derives from its configuration.

When multiple frontends are available, all frontends are used and each frontend multiplies the number of available SNAT ports.

You can choose and control if you do not wish for a particular frontend to be used for outbound connections.

Outbound scenarios are explicit and outbound connectivity does not exist until it has been specified.

Load balancing rules infer how SNAT is programmed. Load balancing rules are protocol specific. SNAT is protocol specific and configuration should reflect this rather than create a side effect.

Multiple frontends

If you want more SNAT ports because you are expecting or are already experiencing a high demand for outbound connections, you can also add incremental SNAT port inventory by configuring additional frontends, rules, and backend pools to the same virtual machine resources.

Control which frontend is used for outbound

If you want to constrain outbound connections to only originate from a specific frontend IP address, you can optionally disable outbound SNAT on the rule which expresses the outbound mapping.

Control outbound connectivity

Standard Load Balancer exists within the context of the virtual network. A virtual network is an isolated, private network. Unless an association with a public IP address exists, public connectivity is not allowed. You can reach VNet Service Endpoints because they are inside of and local to your virtual network. If you want to establish outbound connectivity to a destination outside of your virtual network, you have two options:

Assign a Standard SKU public IP address as an Instance-Level Public IP address to the virtual machine resource, or

Place the virtual machine resource in the backend pool of a public Standard Load Balancer.

Both will allow outbound connectivity from the virtual network to outside of the virtual network.

If you only have an internal Standard Load Balancer associated with the backend pool in which your virtual machine resource is located, your virtual machine can only reach virtual network resources and VNet Service Endpoints. You can follow the steps described in the preceding paragraph to create outbound connectivity.
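
The closed-by-default and explicit-outbound rules above can be checked against a deployment inventory. The following is an added example, not code from the original article or from Azure: the `Rule` and `Vm` records, the flattened `nsg_allow` view of an NSG, and the inventory itself are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One load balancing rule whose backend pool contains the VM (hypothetical model)."""
    frontend: str
    public: bool                        # True: public frontend, False: internal frontend
    protocol: str                       # "tcp" or "udp"
    port: int
    disable_outbound_snat: bool = False

@dataclass(frozen=True)
class Vm:
    name: str
    has_nsg: bool                       # an NSG exists on the subnet or the NIC
    nsg_allow: frozenset = frozenset()  # (protocol, port) pairs the NSG permits inbound
    ilpip: bool = False                 # Standard SKU instance-level public IP
    rules: tuple = ()

def inbound_allowed(vm, protocol, port):
    """Closed by default: without an NSG nothing reaches the VM; with one, only what it permits."""
    if not vm.has_nsg:
        return False
    has_rule = any(r.protocol == protocol and r.port == port for r in vm.rules)
    return has_rule and (protocol, port) in vm.nsg_allow

def outbound_paths(vm, protocol):
    """Explicit outbound: an ILPIP, or public frontends of same-protocol rules with SNAT enabled."""
    paths = ["ilpip"] if vm.ilpip else []
    paths += sorted({r.frontend for r in vm.rules
                     if r.public and r.protocol == protocol and not r.disable_outbound_snat})
    return paths

def audit(vms, protocol="tcp"):
    """Return {vm name: findings} for VMs that are unreachable or have no outbound path."""
    findings = {}
    for vm in vms:
        notes = []
        if vm.rules and not vm.has_nsg:
            notes.append("no NSG on subnet or NIC: load-balanced traffic is not allowed")
        for r in vm.rules:
            if vm.has_nsg and (r.protocol, r.port) not in vm.nsg_allow:
                notes.append(f"NSG does not permit {r.protocol}/{r.port} for {r.frontend}")
        if not outbound_paths(vm, protocol):
            notes.append(f"no {protocol} outbound: only VNet and Service Endpoints reachable")
        if notes:
            findings[vm.name] = notes
    return findings

# Constructed inventory (names, ports and frontends are made up for the example).
INVENTORY = [
    Vm("web1", True, frozenset({("tcp", 443)}),
       rules=(Rule("fe-a", True, "tcp", 443), Rule("fe-b", True, "tcp", 443, True))),
    Vm("app1", True, frozenset({("tcp", 8080)}), rules=(Rule("ilb", False, "tcp", 8080),)),
    Vm("db1", False, rules=(Rule("ilb", False, "tcp", 1433),)),
    Vm("dns1", True, frozenset(), rules=(Rule("fe-a", True, "udp", 53),)),
]

if __name__ == "__main__":
    for name, notes in audit(INVENTORY).items():
        print(name, "->", "; ".join(notes))
```

In this inventory `web1` sources outbound TCP only from `fe-a` because SNAT is disabled on its `fe-b` rule, and `dns1` has UDP outbound but no TCP outbound because its only rule is UDP.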

Multiple frontends

Load Balancer supports multiple rules with multiple frontends. Standard Load Balancer expands this to outbound scenarios. Outbound scenarios are essentially the inverse of an inbound load balancing rule. The inbound load balancing rule also creates an association for outbound connections. Standard Load Balancer uses all frontends associated with a virtual machine resource through a load balancing rule. Additionally, a parameter on the load balancing rule allows you to suppress a load balancing rule for the purposes of outbound connectivity, which allows the selection of specific frontends including none.

For comparison, Basic Load Balancer selects a single frontend at random and there is no ability to control which one was selected.

You can modify Standard Load Balancer resources and move a Standard public IP address from one virtual machine to another much faster.

Migration between SKUs

SKUs are not mutable. Follow the steps in this section to move from one resource SKU to another.

Important

Review this document in its entirety to understand the differences between SKUs and carefully examine your scenario. You may need to make additional changes to align your scenario.

Migrate from Basic to Standard SKU

Create a new Standard resource (Load Balancer and Public IPs, as needed). Recreate your rules and probe definitions.

Create a new NSG or update the existing NSG on the NIC or subnet to whitelist load balanced traffic, probes, and any other traffic you wish to permit.

Remove the Basic SKU resources (Load Balancer and Public IPs, as applicable) from all VM instances. Be sure to also remove all VM instances of an availability set.

Migrate from Standard to Basic SKU

Create a new Basic resource (Load Balancer and Public IPs, as needed). Recreate your rules and probe definitions.

Remove the Standard SKU resources (Load Balancer and Public IPs, as applicable) from all VM instances. Be sure to also remove all VM instances of an availability set.

There are limitations regarding use of the Basic and Standard SKUs.

HA Ports and Diagnostics of the Standard SKU are only available in the Standard SKU. You can't migrate from the Standard SKU to the Basic SKU and also retain these features.

Both Basic and Standard SKU have a number of differences as outlined in this article. Make sure you understand and prepare for them.

Matching SKUs must be used for Load Balancer and Public IP resources. You can't have a mixture of Basic SKU resources and Standard SKU resources. You can't attach standalone virtual machines, virtual machines in an availability set resource, or virtual machine scale set resources to both SKUs simultaneously.

Region availability

Load Balancer Standard is currently available in all public cloud regions.

Web Worker Roles without a VNet and other Microsoft platform services can be accessible when only an internal Standard Load Balancer is used due to a side effect from how pre-VNet services and other platform services function. You must not rely on this as the respective service itself or the underlying platform can change without notice. You must always assume you need to create outbound connectivity explicitly if desired when using an internal Standard Load Balancer only.

Load Balancer is a TCP or UDP product for load balancing and port forwarding for these specific IP protocols. Load balancing rules and inbound NAT rules are supported for TCP and UDP and not supported for other IP protocols including ICMP. Load Balancer does not terminate, respond, or otherwise interact with the payload of a UDP or TCP flow. It is not a proxy. Successful validation of connectivity to a front-end must take place in-band with the same protocol used in a load balancing or inbound NAT rule (TCP or UDP) and at least one of your virtual machines must generate a response for a client to see a response from a front-end. Not receiving an in-band response from the Load Balancer front-end indicates no virtual machines were able to respond. It is not possible to interact with a Load Balancer front-end without a virtual machine able to respond. This also applies to outbound connections where port masquerade SNAT is only supported for TCP and UDP; any other IP protocols including ICMP will also fail. Assign an instance-level Public IP address to mitigate.

Unlike public Load Balancers, which provide outbound connections when transitioning from private IP addresses inside the virtual network to public IP addresses, internal Load Balancers do not translate outbound originated connections to the front-end of an internal Load Balancer, as both are in private IP address space. This avoids potential for SNAT exhaustion inside unique internal IP address space where translation is not required. The side effect is that if an outbound flow from a VM in the back-end pool attempts a flow to the front-end of the internal Load Balancer in whose pool it resides and is mapped back to itself, both legs of the flow don't match and the flow will fail. If the flow did not map back to the same VM in the back-end pool which created the flow to the front-end, the flow will succeed. When the flow maps back to itself, the outbound flow appears to originate from the VM to the front-end and the corresponding inbound flow appears to originate from the VM to itself. From the guest OS's point of view, the inbound and outbound parts of the same flow don't match inside the virtual machine. The TCP stack will not recognize these halves of the same flow as being part of the same flow as the source and destination don't match. When the flow maps to any other VM in the back-end pool, the halves of the flow will match and the VM can successfully respond to the flow. The symptom for this scenario is intermittent connection timeouts. There are several common workarounds for reliably achieving this scenario (originating flows from a back-end pool to the back-end pool's respective internal Load Balancer front-end), which include either insertion of a third party proxy behind the internal Load Balancer or using DSR style rules. While you could use a public Load Balancer to mitigate, the resulting scenario is prone to SNAT exhaustion and should be avoided unless carefully managed.
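
The intermittent timeouts described above can be reproduced in a small model, which helps when triaging them from connection logs. This is an added example, not code from the original article or from Azure: `pick_backend` is a hypothetical stand-in for the load balancer's flow distribution, and the addresses are constructed.

```python
import hashlib


def pick_backend(flow, pool):
    """Stand-in for the load balancer's flow distribution (assumption): hash the tuple onto the pool."""
    digest = hashlib.sha256(repr(flow).encode()).digest()
    return pool[int.from_bytes(digest[:4], "big") % len(pool)]


def hairpin_attempt(src_vm, src_port, frontend, port, pool):
    """Model one TCP SYN from a pool member to its own internal frontend.

    Returns (succeeded, sent, received): the tuple the guest sent and the tuple
    the selected backend sees. No SNAT is applied, so the source stays src_vm.
    """
    sent = (src_vm, src_port, frontend, port)
    target = pick_backend(("tcp",) + sent, pool)
    received = (src_vm, src_port, target, port)
    # Mapped back to the sender: the guest sees a flow from itself to itself, which
    # does not match the flow it opened to the frontend, so the attempt times out.
    return target != src_vm, sent, received


def timeout_rate(src_vm, frontend, port, pool, attempts=2000):
    """Fraction of attempts (one per ephemeral source port) that map back to the sender."""
    failed = sum(not hairpin_attempt(src_vm, 49152 + i, frontend, port, pool)[0]
                 for i in range(attempts))
    return failed / attempts


# Constructed addresses for the example.
POOL = ["10.0.1.4", "10.0.1.5", "10.0.1.6", "10.0.1.7"]
FRONTEND = "10.0.1.100"

if __name__ == "__main__":
    for size in (1, 2, 4):
        rate = timeout_rate(POOL[0], FRONTEND, 443, POOL[:size])
        print(f"pool of {size}: {rate:.1%} of connections time out")
```

With an evenly distributing hash, roughly one attempt in N fails for a pool of N members, which is why the symptom looks intermittent and becomes rarer as the pool grows.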